Topic: CS0-003 topic 1 question 25

A security alert was triggered when an end user tried to access a website that is not allowed per organizational policy. Since the action is considered a terminable offense, the SOC analyst collects the authentication logs, web logs, and temporary files, reflecting the web searches from the user's workstation, to build the case for the investigation. Which of the following is the best way to ensure that the investigation complies with HR or privacy policies?

A.
Create a timeline of events detailing the date stamps, user account hostname and IP information associated with the activities
B.
Ensure that the case details do not reflect any user-identifiable information Password protect the evidence and restrict access to personnel related to the investigation
C.
Create a code name for the investigation in the ticketing system so that all personnel with access will not be able to easily identify the case as an HR-related investigation
D.
Notify the SOC manager for awareness after confirmation that the activity was intentional

Re: CS0-003 topic 1 question 25

PII is important and should be always protected

Re: CS0-003 topic 1 question 25

Always protect the data, whether data at rest, data in transit, data in use or in this case... PII.
B. is correct.

Re: CS0-003 topic 1 question 25

Because we are dealing with privacy and HR B is the answer. However, A would be the actual investigation to be submitted, hostname and IP isn't really a privacy concern on an organizational network.

Re: CS0-003 topic 1 question 25

This is the most logical option to the question posed.